CVSS: 6.0EPSS: 0%CPEs: 2EXPL: 0CVE-2008-0402
https://notcve.org/view.php?id=CVE-2008-0402
Unspecified vulnerability in IBM WebSphere Business Modeler Basic and Advanced 6.0.2.1 before Interim Fix 11 allows remote authenticated users to bypass intended access restrictions and delete unspecified repository resources via unknown vectors, even when they are not administrators or members of the repository's owning group. Vulnerabilidad no especificada en IBM WebSphere Business Modeler Basic y Advanced 6.0.2.1 anterior a Interim Fix 11 permite a usuarios remotos validados evitar intenciones las restricciones de acceso intencionada y borrar recursos del repositorio de su elección a través de vectores desconocidos, incluso cuando no son administradores o miembros del grupo al que pertenece el respositorio. • http://secunia.com/advisories/28586 http://www-1.ibm.com/support/docview.wss?uid=swg24018060 http://www-1.ibm.com/support/docview.wss?uid=swg24018061 http://www-1.ibm.com/support/search.wss?rs=0&q=JR28175&apar=only http://www.securityfocus.com/bid/27389 http://www.securitytracker.com/id?1019252 http://www.vupen.com/english/advisories/2008/0254 https://exchange.xforce.ibmcloud.com/vulnerabilities/39830 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 10.0EPSS: 1%CPEs: 40EXPL: 0CVE-2008-0389
https://notcve.org/view.php?id=CVE-2008-0389
Unspecified vulnerability in the serveServletsByClassnameEnabled feature in IBM WebSphere Application Server (WAS) 6.0 through 6.0.2.25, 6.1 through 6.1.0.14, and 5.1.1.x before 5.1.1.18 has unknown impact and attack vectors. Una vulnerabilidad no especificada en la función serveServletsByClassnameEnabled en IBM WebSphere Application Server (WAS) versiones 6.0 hasta 6.0.2.25, versiones 6.1 hasta 6.1.0.14 y versiones 5.1.1.x anteriores a 5.1.1.18, presenta un impacto desconocido y vectores de ataque. • http://secunia.com/advisories/28576 http://secunia.com/advisories/29687 http://www-1.ibm.com/support/docview.wss?uid=swg24018067 http://www-1.ibm.com/support/docview.wss?uid=swg27006879#51118 http://www.securityfocus.com/bid/27371 http://www.securitytracker.com/id?1019251 http://www.securitytracker.com/id?1019894 http://www.vupen.com/english/advisories/2008/0219 http://www.vupen.com/english/advisories/2008/1133 https://exchange.xforce.ibmcloud.com/vulnerabilities/39808 •
CVSS: 10.0EPSS: 0%CPEs: 9EXPL: 0CVE-2007-6679
https://notcve.org/view.php?id=CVE-2007-6679
Unspecified vulnerability in the Administrative Console in IBM WebSphere Application Server 6.1 before Fix Pack 13 has unknown impact and attack vectors, related to "security concerns with monitor role users." NOTE: it was later reported that 6.0.2 before Fix Pack 25 is also affected. Una vulnerabilidad no especificada en la Consola Administrativa en IBM WebSphere Application Server versión 6.1 anterior a Fix Pack 13, presenta vectores de ataques e impactos desconocidos, relacionados a "security concerns with monitor role users." NOTA: más tarde se reportó que las versión 6.0.2 anterior a Fix Pack 25 también esta afectado • http://secunia.com/advisories/28588 http://securitytracker.com/id?1019174 http://www-1.ibm.com/support/docview.wss?rs=180&uid=swg27007951 http://www-1.ibm.com/support/docview.wss?uid=swg27006876 http://www-1.ibm.com/support/search.wss?rs=0&q=PK45768&apar=only http://www.vupen.com/english/advisories/2007/3955 http://www.vupen.com/english/advisories/2008/0241 •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2007-6044
https://notcve.org/view.php?id=CVE-2007-6044
Multiple unspecified vulnerabilities in IBM WebSphere MQ 6.0 have unknown impact and remote attack vectors involving "memory corruption." NOTE: as of 20071116, the only disclosure is a vague pre-advisory with no actionable information. However, since it is from a well-known researcher, it is being assigned a CVE identifier for tracking purposes. Múltiples vulnerabilidades no especificadas en IBM WebSphere MQ 6.0 tienen un impacto desconocido y vectores de ataque remotos que afectan al "consumo de memoria." NOTA: como en 20071116, la única divulgación es un vago preaviso con una información no accinable. • http://osvdb.org/45302 http://securityreason.com/securityalert/3381 http://www.irmplc.com/index.php/111-Vendor-Alerts#IBM http://www.securityfocus.com/archive/1/483708/100/0/threaded http://www.securityfocus.com/bid/26441 • CWE-399: Resource Management Errors •
CVSS: 4.3EPSS: 0%CPEs: 13EXPL: 1CVE-2007-5944 – IBM Websphere Application Server 5.1.1 - WebContainer HTTP Request Header Security
https://notcve.org/view.php?id=CVE-2007-5944
Cross-site scripting (XSS) vulnerability in Servlet Engine / Web Container in IBM WebSphere Application Server (WAS) 5.1.1.4 through 5.1.1.16 allows remote attackers to inject arbitrary web script or HTML via the Expect HTTP header. NOTE: this might be the same issue as CVE-2006-3918, but there are insufficient details to be sure. Una vulnerabilidad de tipo cross-site scripting (XSS) en Servlet Engine / Web Container en IBM WebSphere Application Server (WAS) versiones 5.1.1.4 hasta 5.1.1.1.16, permite a atacantes remotos inyectar script web o HTML arbitrario por medio del encabezado HTTP Expect. NOTA: este podría ser el mismo problema que el CVE-2006-3918, pero no hay detalles suficientes para estar seguros. • https://www.exploit-db.com/exploits/30768 http://osvdb.org/38700 http://secunia.com/advisories/27674 http://www-1.ibm.com/support/docview.wss?uid=swg1PK51068 http://www-1.ibm.com/support/docview.wss?uid=swg24017314 http://www.securityfocus.com/bid/26457 http://www.securitytracker.com/id?1018963 http://www.vupen.com/english/advisories/2007/3680 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •